posted by cmn32480 on Thursday October 29 2015, @11:42PM
from the we-brought-you-java dept.

Oracle insists it really is going to sell computers powered by Sparc M7 processors – the same chips it started talking about in 2014.

On Monday, Big Red breathlessly unveiled hardware powered by the beefy microprocessor, and on Tuesday, its supremo Larry Ellison lauded the 64-bit CPU's security defenses.

One of these defenses certainly caught our eye: the ability to tag regions of memory so software hijacked by hackers cannot read or write data it isn't supposed to. This should, we're told, render vulnerabilities such as Heartbleed useless to attackers – more on that in a moment.

[...] The M7 has a defense mechanism called Silicon Secured Memory (SSM) which seems incredibly similar to Oracle's Application Data Integrity (ADI) technology.

ADI works like this: when an application requests some new memory to use via malloc(), the operating system tags the block of memory with a version number, and gives the app a pointer to that memory. The pointer also contains the version number, which is stashed in the top four bits. (A 64-bit pointer doesn't use all 64 bits: the most significant bits are usually all 1s or 0s, and can be used to store metadata.)

Whenever a pointer is used to access a block of memory, the pointer's version number must match the memory block's version number, or an exception will be triggered. The version numbers are checked in real-time by the processor with a tiny overhead – an extra one percent of execution time, according to Oracle's benchmarks.
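
The version check described above can be modelled in software. The following C model is an added example, not code from Oracle or from the quoted article; the 64-byte granule, the bump allocator and the names `adi_malloc`, `adi_load` and `echo` are assumptions made for illustration, and the real check is performed by the processor on every access.

```c
#include <stddef.h>
#include <stdint.h>

#define GRANULE   64u   /* assumed tagging granule in bytes (model parameter) */
#define HEAP_SIZE 1024u
#define TAG_SHIFT 60    /* version is stashed in the top four pointer bits */
#define ADDR_MASK ((UINT64_C(1) << TAG_SHIFT) - 1)

static uint8_t heap[HEAP_SIZE];
static uint8_t version_of[HEAP_SIZE / GRANULE]; /* 0 = never allocated */
static size_t  next_free;
static uint8_t next_version = 1;

/* Bump allocator: stamps whole granules with a version and returns a heap
 * offset ("pointer") carrying the same version in bits 63..60; 0 on failure. */
uint64_t adi_malloc(size_t n) {
    if (n == 0 || n > HEAP_SIZE - next_free) return 0;
    size_t base = next_free, len = (n + GRANULE - 1) / GRANULE * GRANULE;
    uint8_t v = next_version;
    next_version = (uint8_t)(v % 15 + 1);       /* cycle through 1..15 */
    for (size_t a = base; a < base + len; a += GRANULE)
        version_of[a / GRANULE] = v;
    next_free = base + len;
    return ((uint64_t)v << TAG_SHIFT) | base;
}

/* Checked load: 0 on success, -1 where the hardware would raise an exception. */
int adi_load(uint64_t p, uint8_t *out) {
    uint64_t addr = p & ADDR_MASK;
    uint8_t  tag  = (uint8_t)(p >> TAG_SHIFT);
    if (tag == 0 || addr >= HEAP_SIZE || version_of[addr / GRANULE] != tag)
        return -1;
    *out = heap[addr];
    return 0;
}

/* Heartbleed-style echo trusting claimed_len; returns bytes read before a trap. */
size_t echo(uint64_t src, size_t claimed_len, uint8_t *dst) {
    size_t i = 0;
    while (i < claimed_len && adi_load(src + i, &dst[i]) == 0) i++;
    return i;
}

int main(void) {
    uint8_t out[256];
    uint64_t a = adi_malloc(16);
    (void)adi_malloc(16);                       /* neighbour gets version 2 */
    return echo(a, 200, out) == 64 ? 0 : 1;
}
```

In this model the 200-byte request against a 16-byte allocation stops after 64 bytes: the over-read inside the allocation's own granule goes unchecked, and the first byte of the neighbouring granule fails the version comparison.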



  • (Score: 1) by Francis (5544) on Friday October 30 2015, @12:18AM (#256285)

    That's like saying that adding an additional digit to a pin gives folks a 1 in 10 chance of cracking it. It adds another factor of difficulty to the brute force attack.

    In this case, they would need to also know the color of the memory they want to address, not just the location. I'm sure it's not going to make it hacker-proof, but it should increase security in the same sort of way that the NX-bit did. The NX-bit didn't solve computer security either, but it did make it more difficult for crackers to get in there and execute arbitrary code.

  • (Score: 0) by Anonymous Coward on Friday October 30 2015, @12:31AM (#256291)

    >"That's like saying that adding an additional digit to a pin gives folks a 1 in 10 chance of cracking it."

    Not really - in this case, there are only 16 tags, while a 4-digit PIN has ten thousand possible values. So it is like saying that using a PIN leaves you with a 1 in 10000 chance of cracking it. In fact, it may be less of an impediment. If the user can change the tag with impunity, then it would take an average of eight times as many tries to get access to another process's memory, compared to not using this system.

    • (Score: 1) by Francis (5544) on Friday October 30 2015, @12:37AM (#256293)

      Yes, but this is in addition to the other stuff. The attacker would have to know where the memory they want to overwrite or access is and then they'd have to worry about predicting what the color of the region is and whether or not they can access it.

      It is an additional 1/16 reduction of chance of cracking it if there's no way of manipulating the tags to ensure that you get the flavor you're expecting. If you can manipulate it to ensure you get the one you want, then the 1/16 is equally wrong for a different reason.

      • (Score: 2) by TheRaven (270) on Friday October 30 2015, @09:45AM (#256398)

        There are existing attacks that will give you the other bits. The usual threat model for this kind of thing is that an attacker can read all of memory and can write in a specific place.
        --
        sudo mod me up
  • (Score: 0) by Anonymous Coward on Friday October 30 2015, @12:19PM (#256429)

    That's like saying that adding an additional digit to a pin gives folks a 1 in 10 chance of cracking it.

    If you know the other digits of the PIN, that's exactly what the extra digit gives you.